InspectorController now binds sourceID to url and maintains a map of 'sticky'
breakpoints. Whenever script is loaded and there is a sticky breakpoint url matching,
breakpoint is being 'restored' synchronously in debug server and pushed to frontend.
Front-end no longer stores map of sticky breakpoints.

When page-break-{after,before} is set to always, force page breaks even for overflow-specified elements.
RenderBlock::inRootBlockContext() was introduced by Changeset 5611. Although it is a reasonable criterion for choosing an optional page break location, it is not for a mandatory page break as specified by http://dev.w3.org/csswg/css3-page/#forced-pg-brk. The method is removed because it is not used anywhere else.
Note: this patch makes page break work for overflow-specified elements. For tables and floated elements, more work is needed. https://bugs.webkit.org/show_bug.cgi?id=9526

RenderLayer::updateLayerPositions() computes the clipped overflow rect
and the outline bounds for repaint, and then calls repaintAfterLayoutIfNeeded()
which can compute the same rects all over again. Avoid this by passing
these two rects into repaintAfterLayoutIfNeeded() if known. This measurably
reduces the time spent in updateLayerPositions() for some content.

(-[WebHTMLView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:]):
Suppress the warning and the forced layout if the view is not being drawn
in this display operation.

The plugInViewWithArguments: API passes a dictionary of plugin arguments. One of the parameters
is WebPlugInBaseURLKey, which is a key that represents the base URL of the document containing
the plug-in's view. Instead of sending the base URL, code in WebFrameLoaderClient::createPlugin
would incorrectly pass the source URL of the plug-in resource.

WebCoreSupport/WebFrameLoaderClient.mm:
(WebFrameLoaderClient::createPlugin): When building the plug-in arguments dictionary, pass the
real base URL for the WebPlugInBaseURLKey key.

I made ENABLE(SANDBOX) only control the sandbox attribute itself;
I did not ifdef the infrastructure to make sandboxing
switchable. This is because the likely concerns about sandboxing
are not stability of the infrastructure code, but rather the fact
that the security model exposed to authors is still evolving.

bridge/jni/jsc/JavaInstanceJSC.cpp: (JavaInstance::invokeMethod): Do handle returned arrays.
Also, added an ifdef around code that's only needed on Tiger, and removed a comment saying
it can be removed when "new" plugin ships. I doubt that anyone can remember what "new"
could refer to back then.

page/EventHandler.cpp: (WebCore::EventHandler::handleMouseMoveEvent): Don't set mouse
pointer when above a plug-in or applet to prevent flicker.

WebKit:

Plugins/WebNetscapePluginEventHandlerCarbon.mm:
(WebNetscapePluginEventHandlerCarbon::mouseMoved): Send adjustCursor events on every mouse
move. This matches Firefox, and is actually required for plug-ins to manipulate cursor without
resorting to techniques such as fast firing timers.

Plugins/WebNetscapePluginView.mm:
(-[WebNetscapePluginView handleMouseEntered:]): Some plug-ins handle mouse cursor internally,
but those that don't just need to get an arrow cursor (matching Firefox). This means that
e.g. a plugin inside <A> won't get a finger mouse pointer.

WebView/WebHTMLView.mm:
(needsCursorRectsSupportAtPoint):
(setCursor):
(resetCursorRects):
Make sure that the same workaround we have for Web content also applies to Netscape plug-ins,
as AppKit would reset the mouse pointer to arrow if given a chance.
(+[WebHTMLViewPrivate initialize]): Renamed setCursorIMP on Leopard and higher to prevent
confusion - the method we override is completely different.
(-[WebHTMLView hitTest:]): Added a FIXME about a likely bug.

This test prints times and expects 0.1s precision even on Debug bots.
That can't work. Skipping the test to make the bots green until this can be made non-flakey
or until we have a layout test system which allows "failure" expectations.

JSString::getIndex() calls value() to resolve the string value (is a rope)
to a UString, then passes the result to jsSingleCharacterSubstring without
checking for an exception. In case of out-of-memory the returned UString
is null(), which may result in an out-of-bounds substring being created.
This is bad.

Reviewed by Oliver Hunt.

Simple fix is to be able to get an index from a rope without resolving to
UString. This may be a useful optimization in some test cases.

The same bug exists in some other methods in JSString, these can be fixed
by changing them to call getIndex().
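
An added illustration (not WebKit's code) of the two safe options the JSString::getIndex() entry above describes: checking the result of resolving the rope before indexing into it, and reading the character straight from the rope's fibers so that no allocation can fail. `ToyRope` and its method names are hypothetical, and the out-of-memory condition is simulated with a constructor flag.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Toy rope: a string stored as a list of fibers (pieces) that is only
// flattened on demand. This is a constructed model, not JSString/UString.
class ToyRope {
public:
    explicit ToyRope(std::vector<std::string> fibers, bool simulateOOM = false)
        : m_fibers(std::move(fibers)), m_length(0), m_simulateOOM(simulateOOM)
    {
        for (size_t i = 0; i < m_fibers.size(); ++i)
            m_length += m_fibers[i].size();
    }

    size_t length() const { return m_length; }

    // Flattening needs a fresh buffer, so it can fail. On failure the output
    // is left empty (the analogue of a null string) and false is returned.
    bool resolve(std::string& flat) const
    {
        flat.clear();
        if (m_simulateOOM)
            return false;
        flat.reserve(m_length);
        for (size_t i = 0; i < m_fibers.size(); ++i)
            flat += m_fibers[i];
        return true;
    }

    // Resolve-based lookup with the failure check in place: the index is
    // validated against the string that was actually produced, not against
    // the length the rope claims to have.
    bool charAtViaResolve(size_t index, char& out) const
    {
        std::string flat;
        if (!resolve(flat) || index >= flat.size())
            return false;
        out = flat[index];
        return true;
    }

    // Lookup without resolving: walk the fibers and subtract their lengths
    // until the index falls inside one. Nothing is allocated, so the
    // out-of-memory path does not exist here.
    bool charAt(size_t index, char& out) const
    {
        if (index >= m_length)
            return false;
        for (size_t i = 0; i < m_fibers.size(); ++i) {
            if (index < m_fibers[i].size()) {
                out = m_fibers[i][index];
                return true;
            }
            index -= m_fibers[i].size();
        }
        return false; // only reachable if m_length is inconsistent
    }

private:
    std::vector<std::string> m_fibers;
    size_t m_length;
    bool m_simulateOOM;
};

int main()
{
    std::vector<std::string> parts; // constructed sample input
    parts.push_back("foo");
    parts.push_back("");
    parts.push_back("bar");
    ToyRope failing(parts, true);
    char c = '?';
    std::printf("via resolve: %d\n", failing.charAtViaResolve(4, c));
    std::printf("via fibers:  %d (%c)\n", failing.charAt(4, c), c);
    return 0;
}
```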

We remove the Assert for now and return earlier, if the HashMap of the Masker
does not contain the RenderObject. The RenderObject is an identifier to get
an already calculated mask.
A race condition during parsing can cause the invalidation call, before the mask
got calculated (only during DRT on Win build bots).
The real bug will be fixed with: https://bugs.webkit.org/show_bug.cgi?id=35181

Followup to avoid capturing compositing layers twice in snapshots. Add private
methods to WebView to specify whether drawing the WebView into an image will
include flattened compositing layers (the default behavior) or not.

WebView/WebFrame.mm:
(-[WebFrame _drawRect:contentsOnly:]): Consult the WebView flag to see if we
want flattening.

DumpRenderTreeQt.cpp calls QWebSettings::enablePersistentStorage which sets up
and enables all HTML5 persistent data. All the other calls for setting the
persistent path or enabling the persistent feature are redundant.

Improve the performance of getter dispatch by making it possible
for the interpreter to cache the GetterSetter object lookup.

To do this we simply need to make PropertySlot aware of getters
as a potentially cacheable property, and record the base and this
objects for a getter access. This allows us to use more-or-less
identical code to that used by the normal get_by_id caching, with
the dispatch being the only actual difference.

I'm holding off of implementing this in the JIT until I do some
cleanup to try and make coding in the JIT not be as horrible
as it is currently.

Add logic to determine when painting via the software rendering path will give an equivalent
result to the accelerated compositing presentation. This tests for the presence of 3D transforms
via the existing RenderLayerCompositor::has3DContent() method.

<rdar://problem/7658811> Multiple style recalcs due to getComputedStyle() on “display: none;” element
when there are pending style sheets

Reviewed by John Sullivan.

WebCore:

Test: fast/css/getComputedStyle/pending-stylesheet.html

When querying a property of a computed style declaration for a non-rendered element,
CSSStyleSelector::styleForElement() was called, and if there were pending style sheet, it
would behave as if the lack of renderer is due to FOUC suppression, and set a flag on
the document causing it to recalculate style. On the next computed style property access,
style would be recalculated for the document, but then the flag would get set again if the
element did not have a renderer.

dom/Document.cpp:

(WebCore::Document::styleForElementIgnoringPendingStylesheets): Added. Temporarily sets
m_ignorePendingStylesheets around the call to CSSStyleSelector::styleForElement().

dom/Document.h:

dom/Element.cpp:

(WebCore::Element::computedStyle): Use Document::styleForElementIgnoringPendingStylesheets().

We have rendering specific code in WebCore/svg/graphics. The goal is to move
this code into suitable Renderers. This helps us to clean up the code and makes
maintenance easier. It also makes it possible to remove rendering specific code
from SVG*Elements into these renderers. So the Renderer contains everything that
is needed to use the resource.
RenderSVGResource will be the base class for all new resource render classes like
RenderSVGResourceMasker, RenderSVGResourceClipper and the other resources.

This patch starts moving SVGResourceMasker to RenderSVGResourceMasker.
Another benefit is the much more useful result in DRT on using masker.

svg/SVGMaskElement.cpp: Update Masker to use the new renderer.
(WebCore::SVGMaskElement::svgAttributeChanged):
(WebCore::SVGMaskElement::childrenChanged):
(WebCore::SVGMaskElement::maskBoundingBox):
(WebCore::SVGMaskElement::createRenderer):

svg/SVGMaskElement.h:

svg/SVGStyledElement.cpp: We need to tell the renderer to unregister object, after the status changed.
(WebCore::SVGStyledElement::invalidateResources):
(WebCore::SVGStyledElement::invalidateResourcesInAncestorChain):

With the move from SVGResourceMasker to RenderSVGResourceMasker, I changed
the way DRT dumps resources. DRT is now able to dump multi-access
of resources.
Also the size of a Mask resource (depending on the object) and the access of
the resource (together with the resource name) is pointed out as an insertion
under the object.

This patch fixes a surprisingly common edge case in which the page heap
would have only one free span, but that span would be larger than the
minimum free size, so we would decide not to free it, even though it
could be as large as 100MB or more!

SunSpider reports no change on Mac or Windows.

wtf/FastMalloc.cpp:

(WTF::TCMalloc_PageHeap::scavenge): Call shouldContinueScavenging() instead
of doing the math ourselves. Don't keep a local value for pagesDecommitted
because that lets free_committed_pages_ be wrong temporarily. Instead,
update free_committed_pages_ as we go. ASSERT that we aren't releasing
a span that has already been released, because we think this is impossible.
Finally, don't be afraid to release all free memory in the page heap when
scavenging. We only scavenge after 5 seconds of the application's working
set not growing, and we keep both thread caches and a central cache on
top of the page heap, so the extra free pages in the page heap were just
overkill.

[Qt] Minor improvement to hybrid QPixmap
https://bugs.webkit.org/show_bug.cgi?id=34507
Instead of having toHTMLImageElement which creates a new element,
assignToHTMLImageElement would set an existing HTML <img/> element to
contain the native QPixmap/QImage.
Also made some style fixes.

On Windows/Linux keyboard based selections should always move the same
end of the selection. On Mac, lineboundary and documentboundary changes
move different ends of the selection depending on which direction you're
extending.

(WebCore::HistoryController::updateBackForwardListForFragmentScroll): We have a known case where a fragment scroll
might take place with a null m_currentItem. updateBackForwardListClippedAtTarget() will either move m_currentItem
to m_previousItem then create a new m_currentItem... or it will do nothing. So we either have both an m_currentItem
and m_previousItem, or we have neither. In the case where we have no m_previousItem, return early.

WebKitTools:

Add the specific ability to test this API pattern.

For now only on Mac, perhaps on the main Windows port later, probably not relevant for other ports.

The NP Version supported by WebKit is at the moment hardcoded in
PluginPackage.cpp (to 24), but not all backends actually implement
the methods needed to claim this. Introduce a new method to be
implemented by each backend where the maximum supported version
can be specified, and set the GTK+ port NPVersion to 19. This
fixes an instantaneous crasher in the Sun Java NPAPI plugin.

(WebCore::HTMLFrameElementBase::setName):
Move the code setting the frame name into a separate function.

(WebCore::HTMLFrameElementBase::setNameAndOpenURL):
(WebCore::HTMLFrameElementBase::updateOnReparenting):
Called on the frame that was just re-parented and inserted into another Document.
Simply invoke Frame::transferChildFrameToNewDocument(...);

(WebCore::HTMLFrameElementBase::insertedIntoDocument):

html/HTMLFrameElementBase.h:

html/HTMLFrameOwnerElement.h:

(WebCore::HTMLFrameOwnerElement::setName):
Make this a virtual function, to be able to reach it via Frame::m_ownerElement.

loader/EmptyClients.h:

(WebCore::EmptyFrameLoaderClient::adoptFrame):

loader/FrameLoaderClient.h:

Add a new method, didTransferChildFrameToNewDocument().
It complements createFrame() in that a frame which was re-parented
in DOM and potentially changes Page, should notify the WebKit
implementation about potential ownership change.
Many embedders assume that Page owns all the Frames, or at least
all Frames are destroyed before 'their' Page is destroyed. Obviously, if Frame
can be transferred to another Page, the embedders should be notified.

page/Frame.cpp:

(WebCore::Frame::transferChildFrameToNewDocument):
Added, makes actual adjustments for Frame - resets the Page,
updates the frame tree and frame name, calls to FrameLoaderClient
to update external objects and recurses into children.
Can only be used on child frames.

page/Frame.h:

WebKit/chromium:

src/FrameLoaderClientImpl.cpp:

(WebKit::FrameLoaderClientImpl::detachedFromParent3):
(WebKit::FrameLoaderClientImpl::didTransferChildFrameToNewDocument):
Since Chromium's WebFrameClient is destroyed once a window is closed,
if Frame moves between Pages, the client of corresponding WebFrame
should be replaced as well.

src/FrameLoaderClientImpl.h:

src/WebFrameImpl.h:

(WebKit::WebFrameImpl::setClient):

WebKit/gtk:

WebCoreSupport/FrameLoaderClientGtk.cpp:

(WebKit::FrameLoaderClient::didTransferChildFrameToNewDocument):
Added empty implementation of a new virtual method.

WebCoreSupport/FrameLoaderClientGtk.h:

WebKit/haiku:

WebCoreSupport/FrameLoaderClientHaiku.cpp:

(WebCore::FrameLoaderClientHaiku::didTransferChildFrameToNewDocument):
Added empty implementation of a new virtual method.

WebCoreSupport/FrameLoaderClientHaiku.h:

WebKit/mac:

WebCoreSupport/WebFrameLoaderClient.h:

WebCoreSupport/WebFrameLoaderClient.mm:

Added empty implementation of a new virtual method.

(WebFrameLoaderClient::didTransferChildFrameToNewDocument):

WebKit/qt:

Api/qwebframe_p.h:

(QWebFramePrivate::setPage): Added.

WebCoreSupport/FrameLoaderClientQt.cpp:

(WebCore::FrameLoaderClientQt::didTransferChildFrameToNewDocument):
The QWebFrame caches a QWebPage which should be replaced when Frame is re-parented.
Also, the QWebFrame is a child (in QT terms) of QWebPage - so update that relationship as well.
Emit a signal that QWebFrame moved to a different QWebPage.

WebCoreSupport/FrameLoaderClientQt.h:

WebKit/win:

WebCoreSupport/WebFrameLoaderClient.cpp:

(WebFrameLoaderClient::didTransferChildFrameToNewDocument):
Added empty implementation of a new virtual method.

WebCoreSupport/WebFrameLoaderClient.h:

WebKit/wx:

WebKitSupport/FrameLoaderClientWx.cpp:

(WebCore::FrameLoaderClientWx::didTransferChildFrameToNewDocument):
Added empty implementation of a new virtual method.

https://bugs.webkit.org/show_bug.cgi?id=26937
No longer allow span styles to surround block elements like
divs when pasting (see paste-text-012 and 5065605 which had divs in
spans). This also causes a few cases of empty spans to be removed
(see 19089 and 5245519).

It's hard for Chromium port to load an icon inside
Icon::createIconForFiles() because of sandbox and multi-process
architecture. So this change adds a method to request an icon to
Chrome class, and makes FileChooser receive an Icon instance
asynchronously. Synchronous loading also works with the new interface.

Because all ports don't have implementations of Chrome::iconForFiles()
yet, FileChooser tries to load an Icon synchronously with
Icon::createIconForFiles(), then tries to load an Icon asynchronously
with Chrome::iconForFiles() if Icon::createIconForFiles() returns 0.

The existing Icon::createIconForFiles() implementations should be
moved to Chrome::iconForFiles(). We're going to remove
Icon::createIconForFiles().

BitmapImage::startAnimation was adding the current frame duration to the desired start time
of the frame for every time it was called. If the function then bailed out due to not having
sufficient data to render the frame, this would lead to the desired start time of the frame
being pushed out multiple times. On an animated GIF that took multiple seconds to load this
could happen many times for a single frame, resulting in the start time of the second frame
of the animation being pushed out by as much as five seconds.

platform/graphics/BitmapImage.cpp:

(WebCore::BitmapImage::startAnimation): Change the order of the code slightly so that the
desired start time is only updated after determining that we have sufficient data to handle
the next frame.

Add a way for WebView and its dependencies to be selectively included
in WebKitStatistics leak tracking. By default WebView is not included and
you need to subclass WebView and implement +isIncludedInWebKitStatistics
to be included.

(-[WebDataSource _initWithDocumentLoader:]): Increment WebDataSourceCount if the WebFrame is included in statistics.
(-[WebDataSource dealloc]): Only --WebDataSourceCount if _private->includedInWebKitStatistics is YES.
(-[WebDataSource finalize]): Ditto.

(-[WebFrameView _setWebFrame:]): Increment WebFrameViewCount if the WebFrame is included in statistics.
(-[WebFrameView initWithFrame:]): Move ++WebFrameViewCount from here since we don't
know what WebFrame we belong to yet.
(-[WebFrameView dealloc]): Only --WebFrameViewCount if _private->includedInWebKitStatistics is YES.
(-[WebFrameView finalize]): Ditto.

WebView/WebHTMLRepresentation.mm:

(-[WebHTMLRepresentation init]): Move ++WebHTMLRepresentationCount from here since we don't
know what WebFrame we belong to yet.
(-[WebHTMLRepresentation dealloc]): Only --WebHTMLRepresentationCount if _private->includedInWebKitStatistics is YES.
(-[WebHTMLRepresentation finalize]): Ditto.
(-[WebHTMLRepresentation setDataSource:]): Increment WebHTMLRepresentationCount if the WebFrame of the dataSource is
included in statistics.

WebView/WebView.mm:

(-[WebView _commonInitializationWithFrameName:groupName:usesDocumentViews:]):
(-[WebView dealloc]):
(+[WebView shouldIncludeInWebKitStatistics]): Return NO, so any WebView won't be included.
Subclasses that care can return YES to be included.

Merged the Safari and Chromium code which extracts the data from
Image objects into common entry points on GraphicsContext3D. This
immediately fixes the following three problems:

Chromium not implementing texSubImage2D taking Image.

Safari not obeying the flipY parameter to texImage2D or
texSubImage2D taking Image.

Safari not obeying the premultiplyAlpha parameter to texImage2D
or texSubImage2D taking Image.

Added new test verifying the behavior of texImage2D and
texSubImage2D and the flipY parameter. The premultiplyAlpha
parameter can not be tested yet as the implementation is not yet
spec compliant. This will be fixed in a follow-on bug.

Ran all WebGL demos in demo repository on Safari and Chromium;
textures are now the right way up in both browsers, and
transparent textures in Particles demo now look correct in Safari.

(WebCore::InlineTextBox::paintTextMatchMarker): Use the text renderer rather
than its ancestor block for the local-to-absolute transformation.
(WebCore::InlineTextBox::computeRectForReplacementMarker): Ditto.

Using a machine without the needed tools to build WebKit leads to
several errors and warnings.

Scripts/webkitdirs.pm: Refactored the code testing the command's
presence into a commandExists routine. While doing so, removed stderr
output as it usually does not give anything more than our message. Also
added a Qt check for qmake that was missing.

Draw the buffering status in the media controls. The timebar is
now 2 pixels shorter so dragging it at same absolute position than
before produces a seek at a new position in the media, this
explains the rebaselining of the controls-drag-timebar test.

Initial support for on-disk buffering of videos. This works only
for Quicktime and flv though.

css/mediaControlsGtk.css:

platform/gtk/RenderThemeGtk.cpp:
(WebCore::RenderThemeGtk::paintMediaSliderTrack): Draw the
buffering status in the media controls.

platform/graphics/gtk/MediaPlayerPrivateGStreamer.cpp:
(WebCore::mediaPlayerPrivateMessageCallback): Defer buffering
messages handling to processBufferingStats().
(WebCore::bufferingTimeoutCallback): Closure called periodically
during the on-disk buffering process.
(WebCore::MediaPlayerPrivate::MediaPlayerPrivate): New instance
variables and create playbin2 here instead of doing it in load().
(WebCore::MediaPlayerPrivate::~MediaPlayerPrivate): New instance
variables.
(WebCore::MediaPlayerPrivate::load): Simply set uri on playbin2
instead of creating the pipeline and setting uri all together.
(WebCore::MediaPlayerPrivate::processBufferingStats): Start a new
timeout source if the player is starting on-disk buffering.
(WebCore::MediaPlayerPrivate::queryBufferingStats): Method called
200ms during on-disk buffering to update the maxTimeLoaded and few
other private variables.
(WebCore::MediaPlayerPrivate::maxTimeSeekable):
(WebCore::MediaPlayerPrivate::maxTimeLoaded):
(WebCore::MediaPlayerPrivate::bytesLoaded): Fixed implementations
regarding buffering.
(WebCore::MediaPlayerPrivate::totalBytes): Improved logging.
(WebCore::MediaPlayerPrivate::updateStates): Start playback if it
was internally paused at beginning of on-disk buffering and set
ready/network states depending on the state of the on-disk
buffering process.
(WebCore::MediaPlayerPrivate::didEnd): Emit durationChanged.
(WebCore::MediaPlayerPrivate::setAutobuffer): Edit playbin2 flags
property depending on autoBuffer value.
(WebCore::MediaPlayerPrivate::createGSTPlayBin): Don't set uri
there, it is now done in load().

platform/graphics/gtk/MediaPlayerPrivateGStreamer.h: New methods
and instance variables.